Mike McCauley > Authen-TacacsPlus-0.24 > Authen::TacacsPlus

Download:
Authen-TacacsPlus/Authen-TacacsPlus-0.24.tar.gz

Dependencies

Annotate this POD

CPAN RT

Open  0
View/Report Bugs
Module Version: 0.24   Source  

NAME ^

Authen::TacacsPlus - Perl extension for authentication using tacacs+ server

SYNOPSIS ^

  use Authen::TacacsPlus;

  $tac = new Authen::TacacsPlus(Host=>$server,
                        Key=>$key,
                        [Port=>'tacacs'],
                        [Timeout=>15]);

  or

  $tac = new Authen::TacacsPlus(
     [ Host=>$server1, Key=>$key1, [Port=>'tacacs'], [Timeout=>15] ],
     [ Host=>$server2, Key=>$key2, [Port=>'tacacs'], [Timeout=>15] ],
     [ Host=>$server3, Key=>$key3, [Port=>'tacacs'], [Timeout=>15] ],
     ...  );

  $tac->authen($username,$passwords);

  Authen::TacacsPlus::errmsg(); 

  $tac->close();

DESCRIPTION ^

Authen::TacacsPlus allows you to authenticate using tacacs+ server.

  $tac = new Authen::TacacsPlus(Host=>$server,      
                        Key=>$key,          
                        [Port=>'tacacs'],   
                        [Timeout=>15]);     

Opens new session with tacacs+ server on host $server, encrypted with key $key. Undefined object is returned if something wrong (check errmsg()).

With a list of servers the order is relevant. It checks the availability of the Tacacs+ service using the order you defined.

  Authen::TacacsPlus::errmsg();

Returns last error message.

  $tac->authen($username,$password,$authen_type);

Tries an authentication with $username and $password. 1 is returned if authenticaton succeded and 0 if failed (check errmsg() for reason).

$authen_type is an optional argument that specifies what type of authentication to perform. Allowable options are: Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_ASCII (default) Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_PAP Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_CHAP

ASCII uses Tacacs+ version 0, and will authenticate against the "login" or "global" password on the Tacacs+ server. If no authen_type is specified, it defaults to this type of authentication.

PAP uses Tacacs+ version 1, and will authenticate against the "pap" or "global" password on the Tacacs+ server.

CHAP uses Tacacs+ version 1, and will authenticate against the "chap" or "global" password on the Tacacs+ server. With CHAP, the password if formed by the concatenation of chap id + chap challenge + chap response

There is example code in test.pl

If you use a list of servers you can continue using $tac->authen if one of them goes down or become unreachable.

  $tac->close();

Closes session with tacacs+ server.

EXAMPLE ^

  use Authen::TacacsPlus;                                             
                                                              
                                                              
  $tac = new Authen::TacacsPlus(Host=>'foo.bar.ru',Key=>'9999');  
  unless ($tac){                                              
          print "Error: ",Authen::TacacsPlus::errmsg(),"\n";          
          exit(1);                                            
  }                                                           
  if ($tac->authen('john','johnpass')){                   
          print "Granted\n";                                  
  } else {                                                    
          print "Denied: ",Authen::TacacsPlus::errmsg(),"\n";         
  }                                                           
  $tac->close();                                              

AUTHOR ^

Mike Shoyher, msh@corbina.net, msh@apache.lexa.ru

Mike McCauley, mikem@airspayce.com

BUGS ^

only authentication is supported

only one session may be active (you have to close one session before opening another one)

SEE ALSO ^

perl(1).

syntax highlighting: